The objective of software development is to produce robust, high-quality software. To do so, during development, software is extensively tested for defects. When a defect is identified, developers strive to design solutions that fix the defect without introducing new problems into the software. Large-scale software projects might contain many defects that need to be identified and fixed before the software is released. Hence, testing and, as a result, debugging software can take a significant amount of software development time. Over the years, two main categories of defect-finding techniques have been developed to help software programmers find and fix defects: black-box testing and white-box testing.
Black-box testing (BBT), also known as functional testing, is a software testing technique whereby the internal workings of a software program are not known by the tester. In BBT, a tester only knows what the inputs into a software program are and what the expected outcomes should be. The tester generally does not examine the programming code and has no knowledge of the program other than its specification. The tester, without any knowledge of the internal structure of the program, attempts to “break” it by putting the software through a battery of tests. For example, given a certain input, the tester checks to see that the program produces the expected result. The tester also performs other types of testing including, among others, stress testing and recovery testing. When testing generates unexpected results, an error message notifies the tester that an error occurred.
White-box testing (WBT) is a technique for performing static analysis on software source code. Static analysis in this context means testers have explicit access to the internal workings of the software program being tested. Unlike black-box testers, white-box testers use their specific knowledge of programming code to examine outputs. Basically, white-box testers logically step through every line and path in the source code to verify correct output. For example, a software development company might implement a review of code wherein every member of a software development team analyzes the source code for defects. The key advantage is that every line of code is evaluated for defects.
However, certain defects in source code still escape detection. For example, neither BBT nor WBT identifies every instance of certain defects related to integer processing, such as integer overflows and integer underflows. Thus, there is a need for better defect detection techniques that can detect defects such as possible integer overflows and integer underflows. Such techniques could provide many advantages, such as more reliable and secure software.
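The following C sketch is an added example, not part of the original text. It shows how an integer overflow can pass a specification-driven black-box suite, next to checked versions that reject the overflow or underflow. The function names and test values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sizing routine (constructed for this example): bytes needed
 * for `count` records of `rec_size` bytes. The product wraps modulo 2^32. */
uint32_t buffer_bytes_unchecked(uint32_t count, uint32_t rec_size)
{
    return count * rec_size;
}

/* Same computation, but an overflow is reported instead of wrapped. */
bool buffer_bytes_checked(uint32_t count, uint32_t rec_size, uint32_t *out)
{
    if (rec_size != 0 && count > UINT32_MAX / rec_size)
        return false;
    *out = count * rec_size;
    return true;
}

/* Signed subtraction that rejects underflow and overflow before they occur. */
bool sub_checked(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a < INT32_MIN + b) || (b < 0 && a > INT32_MAX + b))
        return false;
    *out = a - b;
    return true;
}

/* Constructed black-box suite: specification-sized inputs, expected outputs. */
int functional_failures(void)
{
    static const uint32_t cases[][3] = {
        {0, 16, 0}, {1, 16, 16}, {100, 64, 6400}, {4096, 512, 2097152},
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (buffer_bytes_unchecked(cases[i][0], cases[i][1]) != cases[i][2])
            failures++;
    return failures;
}

int main(void)
{
    uint32_t bytes = 0;
    printf("functional failures: %d\n", functional_failures());
    printf("unchecked 65536 x 65536: %u\n", (unsigned)buffer_bytes_unchecked(65536u, 65536u));
    printf("checked   65536 x 65536: %s\n",
           buffer_bytes_checked(65536u, 65536u, &bytes) ? "ok" : "overflow rejected");
    return 0;
}
```

The functional suite reports no failures because none of its inputs reaches the range where the 32-bit product wraps.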